Subscribe: Connections
Added By: Feedage Forager Feedage Grade A rated
Language: English
blockchain  community  hat  iot  kubernetes  open source  open  openshift  podcast  red hat  red  source  technology  things 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Connections


This blog comments on a variety of technology news, trends, and products and how they connect. I'm in Red Hat's cloud product strategy group in my day job although I cover a broader set of topics here. This is a personal blog; the opinions are mine alone.

Updated: 2018-02-14T17:53:58.751-05:00


Podcast: Diane Mueller on evolving communities and OpenShift Commons


Diane Mueller is the community manager for OpenShift Origin, a Caas and PaaS platform for cloud-native application development, deployment, and operations. In this podcast, she discusses how communities like the OpenShift Commons are evolving from groups that were singularly focused on code contributions to ones that focus increasingly on users and contributors in other areas.OpenShift CommonsNext Gathering in San Francisco in MayFollow Diane on Twitter Listen to MP3 [20:52]Listen to OGG [20:52][TRANSCRIPT] Gordon Haff: For the first time in way too long, I am here with Diane Mueller, who runs community development for Red Hat OpenShift. Diane's been spending a lot of time over the last year thinking about how communities should be built and how they should be allowed to evolve.As a result, I think she has some interesting things to say about how open-source communities in general are evolving. Maybe we can start with a little bit of context of where you're coming from. We just had another very successful OpenShift Commons Gathering. What is OpenShift Commons and where we are right now?Diane Mueller: I'm the director of community development -- which means nothing to anybody -- for OpenShift.Basically, I've been in the open source world for almost 20 years now and worked on lots of different open standards, open source projects, and done a lot of thinking about what it is to develop a community that will sustain an open source project or move a standard forward in adoption.Thinking about what it really takes to create -- as someone famous once said, the village that it takes to raise a child -- the village that it takes to create a global ecosystem that supports and sustains people using your project.We hear a lot about trying to grab code contributions for an individual project and grow the maintainers of a project.I've learned over the past four or five years working at Red Hat about a lot of different open-source community models. With OpenShift, we had some really interesting things happen that forced us to really open up our ideas about what it is to make a community that will sustain a project for the long haul. A lot of it was about collaboration with upstream projects.What we did about two years ago, we pivoted the whole underpinnings of OpenShift to work with the Kubernetes community. If you don't know Kubernetes, Google it, find out about it -- cluster management and a whole lot more at scale for clouds. It is the underpinnings now, along with a lot of other open projects for OpenShift Origin, which is the project that I manage for Red Hat.What happened when we did that pivot was two things. One, we pivoted and we had an existing user base, so we had lots of people we had to educate about the redirection of our architecture and our project, and how to use it with new tools, new pods and a different approach to containers. All kinds of stuff.We had this fire-hose of information that we had to get out there to people who were already using it. Then we had a whole new community of people -- the Kubernetes community and others -- that we were trying to figure out how to collaborate with.Now, rather than just trying to get people to contribute to Origin, we were contributing back to upstream projects that were integral to our project's lifecycle, and had to keep in-sync with other projects, how to collaborate with Docker, then the OCI and all the other container standards.Tons of other projects for monitoring within the CNCF: Prometheus, Grafeas, and other projects that are out there. We had to create a new model. That model we named -- we had to give it some sort of name -- we called it the Commons because Red Hat's near Boston, and I'm from that area.Boston Common is a shared resource, the grass where you bring your cows to graze and you have your farmer's hipster market or whatever it is today that they do on Boston Commons besides protests and wonderful things, but it's also right next to City Hall and all the state government stuff.The governance and all of the other pieces of things that threaded together wi[...]

When companies focus too much on risk


When we think about security in the context of DevSecOps, an important mantra is that we need to move from thinking about providing absolute security to thinking about managing risk in the context of business outcomes. Move from “Just say no” to saying yes to small risks if the tradeoffs appear to be worth it.Let me illustrate this principle (in addition to a couple of other things) with an example that’s not drawn from the IT world. Right before the holidays, I took a last minute quick trip to speak at and attend a couple of events being held next to the airport outside San Francisco. Loaded the bags up and off I went. As I was being dropped off at the airport, I pull out my driver’s license so I won’t be fumbling around with my wallet, get out of the car, and head into the terminal.Somehow, in the course of 50 feet, space aliens made off with my license. Call the limo company. Driver takes a look. No luck. I still have absolutely no idea what happened. Now, normally, frequent traveler me has a travel folio with passport, spare credit cards, cash, and other potentially useful travel backups. But because this was just a quick trip I figured I didn’t need it.Lesson #1: You may not think you need a backup. Until you do.(See also. It’s just a small code change. We don’t need to re-run the test suite.)Crap. Visions of my trip mashed up with mushroom clouds seemed appropriate. But I wandered over to the security line anyway.Much to my surprise, my missing license turned out not to be a particularly serious problem. Yes, I had other ID although nothing government issued. I had my boarding pass on my phone. I have TSA Pre. And they gave me a thorough pat down and they inspected and detected my luggage very carefully. I was both impressed and surprised that I was able to hop on my flight.I thought I had dodged a bullet.Land SFO. Take shuttle bus to hotel. I won’t name the hotel. Let’s just say it’s a lower end chain I wouldn’t normally stay at but, as I said, this was a very last minute trip and with my usual chains either sold out or going for $700 a night I figured I could put up with the relative dump for a couple of nights.They have my reservation that I made online. Give them my credit card.“ID please."I tell my story. Consternation. “Umm, do you have a passport?"Well, no. But I can show you any number of cards. Here’s my company badge with a photo. You can easily look me up online. Nope. It was starting to look as if I’d have to start dialing various friends in the Bay area to see if they had a spare couch I could use.At this point, what I really wanted to say was: “Look. If I wanted to concoct some complicated scam for free hotel nights that somehow involved having 1.) an online reservation, 2.) a wallet full of cards including the credit card used to make the reservation, 3.) an official looking company ID, but 4.) no government-issued photo ID, I’m pretty sure it would be at an exotic resort and not an SFO fleabag."To bring us back to the original topic, sure, you can always impose more hard and fast rules but you really need to think about whether inflexibly imposing those rules is the best approach for the business. Lesson #2: Think about whether potential risks justify the costs of eliminating them (which you can never fully do anyway)In the end, I was able to check in. I didn’t say what I was thinking and we reached an agreement whereby I could pay cash, including a security deposit. (Fortunately, the dollar amount was small enough that I was able to withdraw what I needed from the ATM in the lobby.) Luckily, I did have my company ID with a photo; I don’t think they’d have let me stay with no photo ID at all—my face being all over the Web notwithstanding. So I do give some small amount of credit to the local manager for bending, however slightly, to what I have to assume are quite rigid corporate rules.Lesson #3: Empower employees to do the right thing as much as possibleI was also pleasantly surprised how easy and relatively inexpensive ($[...]

Podcast: Talking Kubernetes community at CloudNativeCon


Wrapping up the week at CloudNativeCon, I sat down with Google’s Paris Pittman, Heptio’s Jorge Castro, and Microsoft’s Jaice Singer DuMars to talk about their roles as Kubernetes community leads. Kubernetes has become so successful in large part because of the strength of its community. In this podcast, we talk about mentorship, getting involved, and being a welcoming community. 

Listen to the MP3 [26:56]

Listen to the OGG [26:56]




Podcast: HashiCorp's Armon Dadgar on "secret sprawl" and Vault



HashiCorp co-founder and CTO Armon Dadgar and I recorded this podcast at CloudNativeCon in Austin. In this podcast, we talk about the problem of secrets management, the changing nature of threats, the need to be secure by default, HashiCorp's Vault project, and Vault on Red Hat’s OpenShift.

The Vault project

OpenShift blog post on Vault integration

Listen to MP3 [17:40]

Listen to OGG [17:40]

Podcast: Heptio's Joe Beda talks Kubernetes



Heptio's CTO, Joe Beda, made the first public commit to Kubernetes. In this podcast he talks about ark (an open source project for Kubernetes disaster recovery), what made Kubernetes take off, why companies are moving so quickly on cloud-native, and where Kubernetes is headed.

From Joe’s perspective, companies realize that they’re at an inflection point and they have a sense of urgency about how they need to move quicker than in the past. That’s one of the factors that have driven container adoption at a faster pace than, say, virtualization even though the latter was arguably less disruptive to existing processes and infrastructure.

The next phase will be making the most effective use of Kubernetes clusters once they’re in place. Integrating them with other systems. Delivering value to customers on top of them. 

  • ark, a utility for managing disaster recover of Kubernetes clusters from Heptio, as discussed on the podcast

Listen to podcast in MP3 [12:42]

Listen to podcast in OGG [12:42]

Podcast: Kris Borchers of the JS Foundation


At CloudNativeCon in Austin, the Executive Director of the JS Foundation, Kris Borchers, sat down with me to talk about a variety of JS Foundation projects such as architect, jQuery, and JerryScript. We also discussed why JavaScript has been so successful; Kris chalks it up in part to its approachability and argues that, even if it’s not a perfect language, what language is? We also talked about the community which he describes as very energetic and always tweaking the ecosystem around the language (of which jQuery provides a great example).

Listen to the podcast [17:21] MP3

Listen to the podcast [17:21] OGG

Cloud-native data management with Kasten CEO Niraj Tolia



Kasten recently emerged from stealth and has released kanister, an extensible open-source framework for application-level data management on Kubernetes--as well as a commercial offering that builds on it. In this podcast, CEO Niraj Tolia discusses the increased need to manage storage used with Kubernetes at scale, the challenges of complex distributed apps, and the need for app-centric approaches that make infrastructure "boring" (to use my colleague Clayton Coleman's term).

 Listen to podcast in MP3 format [12:19]

 Listen to podcast in OGG format [12:19]

Blogging update


I realize that most people these days find posts by following social media links rather than using RSS or otherwise subscribing to blogs. But, just in case, anyone has been wondering why I’ve been pretty much inactive of late on this site, here goes.

I’ve actually been writing (and podcasting, albeit in spurts) as much as ever this past year but the bulk of that writing is increasingly spread across a variety of other channels and that’s likely to continue to be the case. You should encounter the links if you follow me on twitter (@ghaff). You can also go to my Bitmasons website where you’ll find links to most of the channels I publish on. (Occasional pieces will also be on The Register this year.) I may start publishing monthly digests here. We’ll see. 

Furthermore, although this has long mostly been a professional site, I’m splitting out (hopefully expanded) food, photography, and travel content to a new Wordpress site, which will hopefully kickoff in the coming weeks. 

Podcasts from CloudNativeCon/kubecon


Frederick Branczyk on Prometheus, metrics for cloud-native [13:14] MP3

Frederick discusses Prometheus including the goals of the project, a focus on simplicity, the distinction between metrics and logging, what's new in 2.0, and what's coming.

Marc Holmes of Chef Software on automation in a containerized cloud-native world [11:07] MP3

Chef Software's Marc Holmes talks about the global shift from automating infrastructure to automating applications, establishing a foundation for chaos engineering, and shifting security left.

Ben Sigelman of LightStep on OpenTracing, monitoring, and the challenges of distributed systems [19:41] MP3

Ben Sigelman worked on Dapper and Monarch at Google. He's now the co-founder of LightStep. At CloudNativeCon in Austin, we took the opportunity to cover a wide range of issues including the key challenges of distributed systems, the sometimes confusing monitoring/logging/tracing/etc. landscape, how monoliths evolve to microservices, Conway's Law, OpenTracing, and more.

Talking Jaeger with Yuri Shkuro and Pavo Loffay [11:08] MP3

Jaeger is an OpenTracing compatible open source distributed tracing system that came out of Uber. In this podcast, I sat down with Yuri Shkuro of Uber and Pavo Loffay of Red Hat to discuss the state of Jaeger, what problems it solves, where it fits with the broader cloud-native ecosystem, the Jaeger community, and where it's headed.

See also:

Cloud-native data management with Kasten CEO Niraj Tolia

Kris Borchers of the JS Foundation

Heptio's Joe Beda talks Kubernetes

HashiCorp's Armon Dadgar on "secret sprawl" and Vault

Eclipse IoT with Ian Skerrett of the Eclipse Foundation


For many people, Eclipse may not be the first open source organization that pops to mind when thinking about Internet-of-Things (IoT) projects. But, in fact, Eclipse hosts 28 projects that touch on a wide range of needs for organizations doing IoT projects. In September, I was attending the Eclipse IoT day and RedMonk's ThingMonk conference in London and had a chance to sit down with Ian Skerrett. Ian heads marketing for Eclipse and we spoke about Eclipse's IoT projects and how Eclipse thinks about IoT more broadly.(Apologies for the audio quality not being quite up to my usual standards. We had to record this outside, it was a windy day, and I didn’t have any recording gear to mitigate the wind noise.)Listen to podcast:MP3 [17:15]OGG [17:15]Links:iot.eclipse.orgTranscript:Gordon Haff:  Hi everyone. This is Gordon Haff, Technology Evangelist with Red Hat. You're in the Cloudy Chat podcast. I'm at London at ThingMonk, RedMonk's annual event on IoT. I'm here at Shoreditch Studios, and I'm pleased to be here with Ian Skerrett who runs marketing for the Eclipse Foundation. Welcome Ian.Ian Skerrett:  Great to be here, Gordon. Thanks for having me.Gordon:  Ian, could you start off by giving a little bit of background for yourself, how you came to be at Eclipse, and what your role is at Eclipse?Ian:  As you said, I'm working at the Eclipse Foundation, and my official title is the Vice President of Marketing. I help bring together the community and talk about what the community is doing around the different open source projects. Lots of people don't know, but Eclipse is a huge community of well over 300 projects.My specific role is on marketing, but I also deal a lot with IoT or IoT community which we're going to talk a bit more about. I probably spend half of my time on IoT right now.Gordon:  Eclipse has come a long way. I'm sure everybody listening to this has heard of Eclipse, but they probably think in terms of the IDE or some other specific development things. As you say, you have a very large presence in IoT today.Before we get into the details of, specifically, what Eclipse is doing in IoT, you gave a talk yesterday where you discussed things like Industry 4.0. That might be a useful context in order to talk about what Eclipse is doing, specifically, in IoT.Ian:  Industry 4.0 is a term that probably started in Germany. It's reflective of how things get made, if you think about a factory floor. Lots of people know about the Industrial Revolution. The first Industrial Revolution, that was the start of steam power, steam powered machines.The second Industrial Revolution was mass production. You think about car manufacturing, mass production around that.The third Industrial Revolution is credited with automation and robotics that have gone into the factory plants. Where Industry 4.0 comes from is what people talk about, the fourth Industrial Revolution, is how do you start connecting all those factory floors, the machinery and automation machinery on the factory floors to the enterprise IoT system.It's a term that comes out of Germany. Germany is the hub of industrial automation. That's where the machines that can make other machines that go into factory floors start off often. It started there. It's become an industry term that's been adopted globally and to talk about how do you start connecting up what a lot of people call the operational technology. The technology that's on the factory floor, to the enterprise IoT technology.That's the context and one industry that IoT plays into. IoT is a general term that plays in pretty well every industry out there, be it automotive, be it wearables, be it healthcare, be it industrial automation and manufacturing.Gordon:  Before we go further, you touched on something, which our listeners will be interested in. One of the questions I [...]

Red Hat's Mark Wagner on Hyperledger performance work


Mark Wagner is a performance engineer at Red Hat. He heads the Hyperledger Performance and Scalability Working Group. In this podcast, he discusses how he approaches distributed ledger performance and what we should expect to see as this technology evolves.Podcast:Listen to MP3 [13:45]Listen to OGG [13:45]Links:Podcast with Brian BehlendorfHyperledger Announces Performance and Scalability Working GroupMIT Tech Review Business of Blockchain eventMIT Sloan CIO Symposium: AI and blockchain's long gamesTranscript:Gordon Haff:   I'm sitting here with Senior Principal Performance Engineer, Mark Wagner. What we're going to talk about today is blockchain, Hyperledger, and some of the performance work that Mark's been doing around there. Mark, first introduce yourself.Mark Wagner:  My name is Mark Wagner. I'm in my 10th year here at Red Hat. My degree, from when I started many years ago, was hardware. I switched to software. I got the bug to do performance work when I saw the performance improvements I could make in software, in how things ran.Here at Red Hat, I've worked on everything from the kernel up through OpenShift and OpenStack at all the layers. My most recent assignment is in the blockchain area.Gordon: A lot of people probably associate blockchain with Bitcoin. What is blockchain, really?Mark: Blockchain itself is a technology where things are distributed. I like to think of it more as a distributed database at a really high level. Bitcoin is a particular implementation of it, but in general, blockchain ‑‑ and there's also a thing called distributed ledgers ‑‑ they're fairly similar in concept, but the blockchain itself is more for straight financial things like Bitcoin.Distributed ledgers are coming up a lot more in their uses across many different vertical markets, such as healthcare, asset tracking, IoT, and of course the financial markets, commodity trading, things like that.Gordon: As we've really seen over the last, I don't know, year or two years, there's still a lot of shaking out going on in terms of exactly what the use case is here, which of course makes the job for people like you harder when you don't know what the ultimate objectives necessarily are.Mark: Yes. It's shaking out in terms of both new verticals are being added, as well as there's multiple implementations going on right now, in a sense competing, but they're designed at different verticals in many cases, so that, in a true sense, not really competing, per se.Gordon: Now you're working in Hyperledger. Introduce Hyperledger.Mark: Hyperledger is a project in the Linux Foundation to bring open source distributed ledgers out into the world. I've been involved in it since December of 2016. Red Hat's been a member for two years.One of the things in Hyperledger, there are multiple projects within Hyperledger. The two main ones that people know are Fabric from IBM, Sawtooth from Intel. There's a bunch of smaller projects as well to complement these technologies.Both Fabric and Sawtooth are distributed ledger implementations with different consensus models and things like that, and getting to the point where they can do pluggable consensus models.One of the things that no one was doing at Hyperledger, and where I felt I could help across all the projects, is performance and scalability. People see out in the world that the Bitcoin and Ethereum stuff is not scaling. When it hits scale issues, things go poorly.I proposed in April that we have a Performance and Scale Working Group to go off, investigate this, and come up with some tests and ways to measure. It passed unanimously, but the scope was actually expanded from what I proposed, and they don't want it to just focus on Hyperledger but to focus industry‑wide.Since that time, I've been in touch with the Enterprise Ethere[...]

From Pots and Vats to Programs and Apps: Coming Soon!



Monkigras in London this past January had packaging as its theme, both in the software and the more meta sense. James Governor graciously extended me an invitation to speak. The resulting talk, A Short History of Packaging (video here), described how packaging in both retail and software has evolved from the functional to something that improves the buying and using experience.

I’d been looking to write a new book for a while. I knew I wanted it to relate to the containers, microservices, cloud broadly, etc. space, but I didn’t really have an angle. I considered just rewriting my three-year old Computing Next but so much had changed and so much remained in flux that the timing didn’t feel right.

But packaging! Now there was an angle and one that I could work on together with my Red Hat colleague William Henry (who is a senior consulting engineer and works on DevOps strategy). 

So that’s what we did. We set a target to do a book signing at Red Hat Summit in early June. We mostly made it. We signed a pre-release version and have spent the past month or so working off-and-on to polish up the contents, give colleagues the opportunity to review, and update a few things based on various industry announcements and events. 

We’re finally just about ready to go. I expect to have the paperback version orderable through Amazon by about mid-July. We’ll also be making a free PDF version available at around the same time; distribution details TBD. Given the free PDF I don’t expect to release a Kindle version. The layout of the book (sidebars, footnotes, some amount of graphics) doesn’t really lend itself to this format and it would be extra work.

The thesis of the book is that if you think about packaging broadly, it highlights critical tradeoffs.

Unpackaged and unbundled components offer ultimate flexibility, control, and customization. Packaging and bundling can simplify and improve usability—but potentially at the cost of constraining choice and future options.

Bundling can also create products that are interesting, useful, and economically viable in a way the fully disaggregated individual components may not be. Think newspapers, financial instruments, and numerous telecommunications services examples.

Open source software, composed of the ultimately malleable bits that can be modified and redistributed, offers near-infinite choice.

Yet, many software users and consumers desire a more opinionated, bundled, and yes, packaged experience—trading off choice for convenience.

This last point is a critical tension around open source software and, for lack of a better umbrella term, “the cloud” in the current era. Which makes understanding the role that packaging may play not just important, but a necessity. Ultimately, packaging enables open source to create the convenience and the ease of use that users want without giving up on innovation, community-driven development, and user control.

MIT Sloan CIO Symposium: AI and blockchain's long games


I wrote earlier about the broad transformation themes at the MIT Sloan CIO Symposium last month. Today, I’m going to wrap up by taking a look at a few of the specific panels over the course of the day.Artificial IntelligenceAndrew McAfee and Erik Brynjolfsson are regulars at this event. Their bestselling Second Machine Age focuses on the impact of automation and artificial intelligence on the future of work and technological, societal, and economic progress. Their new book Machine, Platform, Crowd: Harnessing Our Digital Future will be available later this month. Another panel, moderated by the MIT Media Lab’s Job Ito, featured discussions on the theme “Putting AI to Work.” Like blockchain, which I’ll get to in a bit, a common thread seemed to be something along the lines of AI and machine learning being supremely important but with much still to do. In general, panelists avoided getting too specific about timelines. Ryan Gariepy, CTO & Co-Founder, Clearpath & OTTO Motors put the timing on the majority of truck driving jobs going away as a “generation.” My overall takeaway is that AI is probably be one of those things where many people are predicting greater short-term effects than is warranted while underestimating the effects over the longer term.For example, Prof. Josh Tenenbaum, Professor, Department of Brain and Cognitive Sciences at MIT highlighted the difference between pattern recognition and modeling. He noted that "most of how children learn is not driven by pattern recognition” but it’s mostly pattern recognition where AI is having an impact on the market today.  He went on to say that "other parts like common sense understanding we are quite far from. We’re quite a way from a conversation.The narrative that expert systems are a thing of the past is wrong. You can't build a system that beats the world's best Go players without thinking about Go. You can't build a self-driving car without driving."Users of common “personal assistants” like Alexa have probably experienced something similar. Like a call center reading from a script, these assistants can recognize voices and act on simple command quite well. But get off script, especially in any way that requires an understanding of human behaviors, and their limitations quickly become clear.McAfee also pointed to the confluence of AI with communications technology as a major factor driving rapid change. As he puts it “two huge things are happening simultaneously: the spurt of AI and machine learning systems and, it’s easy to forget about this, but over a decade have connected humanity for the first time. Put the two together and are in very very new territory."As they do in their books, McAfee and Brynjolfsson also touched on the economic changes that these technological shifts could drive. For example, Brynjolfsson highlighted how “the underlying dynamics when you can produce things at near-zero marginal cost does tend to lead to winner takes all. The great decoupling of median wages is because a lot of the benefits have become much more concentrated."Both suggested that government policy will eventually have to play a part. As McAfee put it "times of great change are not calm times. There’s a concentration of wealth and economic activity. Concentration has some nice benefits but it leaves a lot behind.” With respect to Universal Basic Income, however, McAfee added that "a check from the government doesn't magically knit communities back together. There's a role for smart policies and smart government."BlockchainThe tone of the Trusted Data: The Role of Blockchain, Secure Identity, and Encryption panel was similar to that at Technology Review’s all-day blockc[...]

Transformation at MIT Sloan CIO Symposium 2017


When I attend an event such as the MIT Sloan CIO Symposium, as I did in Cambridge yesterday, I find myself thinking about common threads and touch points. A naive perusal of the agenda might have suggested a somewhat disparate set of emerging strategies and technologies. Digital transformation. AI. Man and Machine. Blockchain. IoT. Cloud.However, patterns emerged. We’re in such an interesting period of technology adoption and company transformation precisely because things that may at first seem loosely coupled turn out to reinforce each other. Thereby leading to powerful (and possibly unpredictable) outcomes. IoT is about data. AI is, at least in part, about taking interesting actions based on data. Cloud is about infrastructure that can support new applications for better customer experiences and more efficient operations. Blockchain may turn into a mechanism for better connecting organizations and the data they want to share. And so forth. We observe similar patters at many levels of technology stacks and throughout technology processes these days. New business imperatives require new types of applications. Delivering and operating these applications require DevOps. Their deployment demands new open hybrid infrastructures based on software-defined infrastructures and container platforms. (Which is why I spend much of my day job at Red Hat involved with platforms like OpenStack and OpenShift.)That it’s all connected is perhaps the primary theme the event reinforced. In this post, I focus on the “big picture” discussions around digital transformation. I’ll cover specific technologies such as AI in a future piece.Digital transformation on two dimensionsPeter Weill, Chairman, MIT Sloan Center for Information Systems Research (CISR) led off the day with some research that will be made public over the next few months. This research identified change associated with digital transformation as taking place on two different dimensions: customer experience (e.g. NPS) and operational efficiency (e.g. cost to income). Companies that transform on both dimensions ("future ready firms”) have a net margin 16 points higher than the industry average.Weill emphasized that these transformations are not just about technology. “Every one in room is struggling with cultural change question,” he said. As Jeanne Ross, also of CISR put it later in the day “Digital transformation is not about technology. It’s about redesigning your value prop and that means redesigning your company."Finally, it’s worth noting that these two dimensions mirror the two aspects of IT transformation that we see more broadly. The “bimodal IT” or two-speed IT model has somewhat fallen out of fashion; it’s often seen as an overly rigid model that de-emphasizes the modernization of legacy systems. I don’t really agree although I get the argument.Nonetheless, the CISR research highlights a key point: Both IT optimization and next-generation infrastructures and applications are important. However, they require different approaches. They both need to be part of an overall strategy connecting the business and the business’ technology. But the specific tactics needed to optimize and to transform are different and can’t be treated as part of a single go-forward motion. Four decisionsRoss broke down designing for digital transformation into four decisions.The first is defining a "vision for improving the lives of customers” because this affects what innovations will pursue.The second decision is defining  whether you’ll be primarily focused on customer engagement (market driven) or digitized solutions (product driven).The third decision is defining the digital[...]

Podcast: Dr. André Baumgart of EasiER AG on jumpstarting app dev with Red Hat's Open Innovation Labs



EasiER AG used Red Hat's Open Innovation Labs to create a new category of healthcare product to improve the emergency room experience. Dr. André Baumgart is one of the founders of EasiER AG and he sat down at Red Hat Summit with myself and my Red Hat colleague Jeremy Brown to talk about his experiences with the process. (Spoiler Alert: He’s a big fan.)

Among the key points he makes is that the program focused on business outcomes and problems that need to be solved rather than technology stacks.

Also in this podcast, Jeremy Brown shares some highlights about what’s different about the Open Innovation Labs from a more traditional consulting engagement. 

Link to MP3 (12:43)

Link to OGG (12:43)



Cautiously optimistic on blockchain at MIT


Blockchain has certain similarities to a number of other emerging technologies like IoT and cloud-native broadly. There’s a lot of hype and there’s conflation of different facets or use cases that aren’t necessarily all that related to each other. I won’t say that MIT Technology Review’s Business of Blockchain event at the Media Lab on April 18 avoided those traps entirely. But overall it did far better than average in providing a lucid and balanced perspective. In this post, I share some of the more interesting themes, discussion points, and statements from the day.It’s very earlyJoi Ito, the Director of the MIT Media Lab, captured what was probably the best description of the overall sentiment about blockchain adoption when he said that we "should have a cautious but optimistic view.” He went on to say that “it's a long game” and that we should also "be prepared for quite of bit of change.” In spite of this, he observed that there was a huge amount of investment going on. Asked why, he essentially shrugged and suggested that it was like the Internet boom where VCs and others felt they had to be part of the gold rush.  “It’s about the money." He summed up by saying "we're investing like it's 1998 but it's more like 1989."The role of standardsIn Ito’s view standards will play an important role and open standards are one of the things that we should pay attention to. However, Ito also drew further on the analogues between blockchain and the Internet when he went on to say that "where we standardize isn't necessarily a foregone conclusion” and once you lock in on a layer (such as IP in the case of the Internet), it’s harder to innovate in that space. As an example of the ongoing architectural discussion, he noted that there are "huge arguments if contracts should be a separate layer” yet we "can't really be interoperable until agree on what goes in which layer."Use casesMost of the discussion revolved around payment systems and, to a somewhat lesser degree, supply chain (e.g. provenance tracking).In addition to cryptocurrencies (with greater or lesser degrees of anonymity), payment systems also encompass using blockchains to reduce the cost of intermediaries or eliminating them entirely. This could in principle better enable micropayment or payment systems for individuals who are currently unbanked. Robleh Ali, a research scientist in MIT’s Digital Currency Initiative notes that there’s “very little competition in the financial sector. It’s hard to enter for regulatory and other reasons." In his opinion, even if blockchain-based payment systems didn’t eliminate the role of banks, moving money outside the financial system would put pressure on them to reduce fees.A couple of other well-worn blockchain examples involve supply chains. Everledger uses blockchain to track features such as diamond cut and quality, as well as monitoring diamonds from war zones. Another recent example comes from IBM and Maersk who say that they are using blockchain to "manage transactions among network of shippers, freight forwarders, ocean carriers, ports and customs authorities.” (IBM has been very involved with the Hyperledger Project, which my employer Red Hat is also a member of. For more background on Hyperledger, check out my podcast and discussion with Brian Behlendorf—who also spoke at this event—from a couple months back.)It’s at least plausible that supply chain could be a good fit for blockchain. There’s a lot of interest in better tracking assets as they flow through a web of disconnected entities. And it’s an area that doesn’t have much in the wa[...]

DevOps Culture: continuous improvement for Digital Transformation


In contrast to even tightly-run enterprise software practices, the speed at which big Internet businesses such as Amazon and Netflix can enhance, update, and tune their customer-facing services can be eye opening. Yet a miniscule number of these deployments cause any kind of outage. These companies are different from more traditional businesses in many ways. Nonetheless they set benchmarks for what is possible. Enterprise IT organizations must do likewise if they’re to rapidly create and iterate on the new types of digital services needed to succeed in the marketplace today. Customers demand anywhere/anywhen self-service transactions and winning businesses meet those demands better than their competition. Operational decisions within organizations also must increasingly be informed by data and analytics, requiring another whole set of applications and data sets.Amazon and Netflix got to where they are using DevOps. DevOps touches many different aspects of the software development, delivery, and operations process. But, at a high level, it can be thought of as applying open source principles and practices to automation, platform design, and culture. The goal is to make the overall process associated with software faster, more flexible, and incremental. Ideas like the continuous improvement based on metrics and data that have transformed manufacturing in many industries are at the heart of the DevOps concept.Development tools and other technologies are certainly part of DevOps. Pervasive and consistent automation is often used as a way to jumpstart DevOps in an organization. Playbooks that encode complex multi-part tasks improve both speed and consistency. It can also improve security by reducing the number of error-prone manual processes. Even narrowly targeted uses of automation are a highly effective way for organizations to gain immediate value from DevOps.Modern application platforms, such as those based on containers, can also enable more modular software architectures and provide a flexible foundation for implementing DevOps. At the organizational level, a container platform allows for appropriate ownership of the technology stack and processes, reducing hand-offs and the costly change coordination that comes with them. However, even with the best tools and platforms in place, DevOps initiatives will fail unless an organization develops the right kind of culture. One of the key transformational elements is developing trust among developers, operations, IT management, and business owners through openness and accountability. In addition to being a source of innovative tooling, open source serves as a great model for the iterative development, open collaboration, and transparent communities that DevOps requires to succeed.Ultimately, DevOps becomes most effective when its principles pervade an organization rather than being limited to developer and IT operations roles. This includes putting the incentives in place to encourage experimentation and (fast) failure, transparency in decision-making, and reward systems that encourage trust and cooperation. The rich communication flows that characterize many distributed open source projects are likewise important to both DevOps initiatives and modern organizations more broadly.Shifting culture is always challenging and often needs to be an evolution. For example, Target CIO Mike McNamara noted in a recent interview that “What you come up against is: ‘My area can’t be agile because…’ It’s a natural resistance to change – and in some mission-critical areas, the concerns are warranted. So in those areas,[...]

DevSecOps at Red Hat Summit 2017



We’re starting to hear “DevSecOps" mentioned a lot. The term causes some DevOps purists to roll their eyes and insist that security has always been part of DevOps. If you press hard enough, they may even pull out a well-thumbed copy of The Phoenix Project by Gene Kim et al. [1] and point to the many passages which discuss making security part of the process from the beginning rather than a big barrier at the end.

But the reality is that security is often something apart from DevOps even today. Even if DevOps should include continuously integrating and automating security at scale. It’s at least in part because security and compliance operated largely in their own world historically. At a DevOpsDays event last year, one senior security professional even told me that this was the first IT event that was not security-specific that he had ever attended.

With that context, I’d like to point you to a session that my colleague William Henry and I will be giving at Red Hat Summit on May 3. In DevSecOps the open source way we’ll discuss how the IT environment has changed across both development and operations. Think characteristics and technologies like microservices, component reuse, automation, pervasive access, immutability, flexible deploys, rapid tech churn, software-defined everything, a much faster pace, and containers.

Risk has to be managed across all of these. (Which is also a change. Historically, we tended to talk in terms of eliminating risk while today it’s more about managing risk in a business context.)

Doing so requires securing the software assets that get built and well as the machinery doing the building. It requires securing the development process from the source code through the rest of the software supply chain. It requires securing deployments and ongoing operations continuously and not just at a point in time. And it requires securing both the application and the container platform APIs.

We hope to see you at our talk. But whether or not you can make it to see us specifically, we hope that you can make it to Red Hat Summit in Boston from May 2-4. I’m also going to put in a plug for the OpenShift Commons Gathering on the day before (Monday, May 1).


[1] If you’re reading this, you’ve almost certainly heard of The Phoenix Project. But, if not, it’s a fable of sorts about making IT more flexible, effective, and agile. It’s widely cited as one of the source texts for the DevOps movement.

Links for 04-13-2017


3 open source web design templates | Opensource.comFitbit’s smartwatch struggles are real and not just in hardware - The VergeThreads on VimeoLet's Tell a Story TogetherTwitter - RT @asheshbadani: The actual list of @openshift customers speaking @RedHatSummit is even larger. Get to Boston in early April!! Bruce Conner's restored mushroom clouds: You can't look away - LA TimesThe Data Visualisation CatalogueThe IoT Testing Atlas | ThoughtWorksTwitter - RT @dberkholz: Still waiting for the non-laptop experience to stop sucking for creators rather than consumers What makes us Red Hat - What Makes Us Red Hat. Really great piece. #redhatTwitter - RT @apanouss: “Digital transformation — brought to you by open hybrid cloud” by @ghaff Untitled ( - SNEAK PEEK: The latest #opensourcestories trailer is here. See the full film at #RHSummit. Speakers | Red Hat Summit 2017 - Great speaker lineup at #RHSummit I’ll also be talking on DevSecOps with @ipbabble Flickr - My photos from #openshift Commons Gathering in Berlin Connections: Upcoming: MIT Sloan CIO Symposium - Was able to wrangle schedule so I can attend MIT Sloan CIO Symposium again on 5/24. I’m hosting lunch discussion. OpenJDK and Containers – RHD Blog - RT @RealGeneKim: Ah: turning the JVM runtime. Still necessary, esp inside socket: Red Hat blog: OpenJDK and Containers Twitter - RT @kernelcdub: Amadeus describing processing 40-70B transactions per day with thousands of microservices #ONS2017 Intel Vigorously Defends Chip Innovation Progress - "Intel Vigorously Defends Chip Innovation Progress" Good read as always from TPM. Thoughts and Perspectives from OpenShift Commons Berlin – OpenShift Blog - RT @joefern1: "Volvo migrated their car buying system to containers and onto OpenShift" >>Websphere on #Kubernetes in @Openshift Release v0.1 · kubernetes-incubator/cri-o · GitHub - RT @kelseyhightower: The cri-o 0.1 release is a huge milestone and demonstrates the value of the Kubernetes container runtime interface. [...]

Podcasts: Talking cloud native projects at CloudNativeCon in Berlin



Eduardo Silva, Fluentd/Treasure Data

A project within the Cloud Native Computing Foundation, Fluentd is focused on logging, pulling together data from a variety of sources and sending it to a back-end. Eduardo Silva spoke with me at CloudNativeCon in Berlin about Fluentd and its flexible architecture for plug-ins. Fluentd is widely used for tasks like aggregating mobile stats and to understand how games are behaving.

Listen to MP3 (15:10)

Listen to OGG (15:10)

Miek Gieben, CoreDNS

CoreDNS, which provides cloud-native DNS server and service discovery, recently joined the CNCF. In this podcast Miek provides  context about DNS and explains how today’s more dynamic environments aren’t always a good match with traditional approaches to DNS. Miek takes us through how CoreDNS came to be and discusses some possible future paths that it might take.

Listen to MP3 (12:24)

Listen to OGG (12:24)

Björn Rabenstein, Prometheus/SoundCloud

Bjorn Rabenstein of SoundCloud sat down with me at CloudNativeCon in Berlin to discuss Prometheus, the first project to be brought into the Cloud Native Computing Foundation after Kubernetes. Prometheus is a popular open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. In this podcast, we get into the background behind Prometheus, why new monitoring tools are needed for cloud-native, and when you should wake people up with an alert--and when you shouldn't.

Listen to MP3 (16:38)

Listen to OGG (16:38)

Sarah Novotny, Kubernetes/Google

Sarah Novotny does open source community for Google Cloud and is also the program manager of the Kubernetes community. She has years of experience in open source communities including MySQL and NGINX. In the podcast we cover the challenges inherent in shifting from a company-led project to a community-led one, principles that can lead to more successful communities, and how to structure decision-making.

I’ve written an article with excerpts from this podcast which will appear on I’ll link to it from here when it’s available.

Listen to MP3 (20:54)

Listen to OGG (20:54)

Upcoming: MIT Sloan CIO Symposium


My May schedule has been something of a train wreck given a Red Hat Summit in Boston (use code SOC17 for a discount) that’s earlier than usual and generally lots of events in flight. As a result, I didn’t know until a couple of days ago whether I would be able to attend this year’s MIT Sloan CIO Symposium on May 24. I always look forward to going. This is admittedly in part because I get to hop on a train for an hour ride into Cambridge rather than a metal sky tube for many hours.But it’s also because the event brings together executives who spend a lot of time focusing on the business aspects of technology change. As you’d expect from an MIT event, there’s also a heavy academic component from MIT and elsewhere. Erik Brynjolfsson, Andrew McAfee, and Sandy Pentland are regulars. As I have for the past few years, I’ll be hosting a lunchtime discussion table on a topic TBD as well as covering the event in this blog afterwards. Data, security, and IoT at MIT Sloan CIO Symposium 2016MIT Sloan CIO Symposium 2015: Dealing with DisruptionThis year the Symposium will focus on the theme, “The CIO Adventure: Now, Next and… Beyond,” and will provide attendees with a roadmap for the changing digital landscape ahead. Among the associated topics are challenges of digital transformation, talent shortages, executive advancement to the C-suite, and leading-edge research.Here’s some additional information from the event organizers:The full agenda is available at Highlights include: Kickoff Panel: “Pathways to Future Ready: The Digital Playbook” will discuss a framework for digital transformation and facilitate a conversation on lessons learned from executives leading these transformations. Virtually every company is working on transforming their business for the digital era and this panel will provide a playbook for digital. Featuring Peter Weill, Chairman, MIT Sloan Center for Information Systems Research (CISR); Jim Fowler, Vice President & Chief Information Officer, General Electric; David Gledhill, Group Chief Information Officer and Head of Group Technology & Operations, DBS; and Lucille Mayer, Head of Client Experience Delivery and Global Innovation, BNY Mellon. Fireside Chat: “Machine | Platform | Crowd: Harnessing Our Digital Future” will be moderated by Jason Pontin, Editor-in-Chief and Publisher of MIT Technology Review and feature Erik Brynjolfsson, Director, and Andy McAfee, Co-Director, of the MIT Initiative on the Digital Economy (IDE), discussing what they call "the second phase of the second machine age." This phase has a greater sense of urgency, as technologies are demonstrating that they can do much more than just the type of work we have thought of as routine. The last time new technologies had such a huge impact on the business world was about a century ago, when electricity took over from steam power and transformed manufacturing. Many successful incumbent companies, in fact most of them, did not survive this transition. This panel will enable CIOs to rethink the balance between minds and machines, between products and platforms, and between the core and the crowd.Other panel sessions driven by key IT leaders, practitioners, and MIT researchers will include:“The Cognitive Company: Incremental Present, Transformational Future”; “Cloud Strategies: The Next Level of Digital Transformation”; “The CIO Adventure: Insights from the Leadership Award Finalists”; “Preparing for the Future[...]

Links for 03-17-2017


Video: A Short History of Packaging


width="560" height="315" src="" frameborder="0" allowfullscreen>

From Monkigras London 2017

We’re in the middle of big changes in how we bundle up software and deliver it. But packaging didn’t start with software. I take you on a tour of how we’ve packaged up goods for consumption over time and--more importantly--why we did so and what different approaches we’ve taken then and now. The goal of this talk is to take the packaging discussion up a level so to better focus on the fundamental objectives and some of the broad approaches and trade-offs associated with achieving them.

Final Open Source Leadership Summit podcast roundup


I recorded a number of podcasts at the Open Source Leadership Summit in Lake Tahoe last month. Most of them are with heads of the various foundations under the Linux Foundation. They’re each about 15 minutes long. In addition to the podcasts themselves linked to from the blog posts, five of them have transcripts and two have stories on opensource.comHeather Kirksey, Open Platform for Network Functions Virtualization (OPNFV) "Telecom operators are looking to rethink, reimagine, and transform their networks from things being built on proprietary boxes to dynamic cloud applications with a lot more being in software. [This lets them] provision services more quickly, allocate bandwidth more dynamically, and scale out and scale in more effectively."Mikeal Rogers, node"The shift that we made was to create a support system and an education system to take a user and turn them into a contributor, first at a very low level and educate them to bring them into the committer pool and eventually into the maintainer pool. The end result of this is that we have a wide range of skillsets. Rather than trying to attract phenomenal developers, we're creating new phenomenal developers."Connections with transcriptsBrian Behlendorf, Hyperledger "That's what gets me excited is these positive social impacts that at the same time, are also potentially helping solve structural problems for the business sector. I haven't seen that kind of synergy, that kind of combination of value from these two different things since the early days of the Internet."Dan Kohn, Cloud Native Computing Foundation (CNCF)"When you have those developers that feel like their contributions are valued and taken seriously, then there's a whole ecosystem that forms around them, of companies that are interested in offering services to them, employing them, that want to make these services available to other folks. Then a foundation like ours can come up and help make those services available. I really think that, that developer focus is the key thing to keep in mind."Nicko Van Someren, Core Infrastructure Initiative (CII)  "Going forwards, we're trying to move to probably put more into the strategic stuff, because we feel like we can get better leverage, more magnification of the effect, if we put money into a tool and the capabilities to use that tool. I think one of the things we're looking at for 2017 is work to improve the usability of a lot of security tools.There's no shortage of great tools for doing static analysis or fuzz testing, but there is often a difficulty in making it easy for you to integrate those into a continuous test process for an open‑source project. Trying to build things to make it easier to deploy the existing open‑source tools is an area in the strategic spin that we want to put a lot into in 2017."Chris Aniszczyk, Open Container Initiative (OCI) "People have learned their lessons, and I think they want to standardize on the thing that will allow the market to grow. Everyone wants containers to be super‑successful, run everywhere, build out the business, and then compete on the actual higher levels, sell services and products around that, and not try to fragment the market in a way where people won't adopt containers, because they're scared that it's not ready, it's a technology that's still [laughs] being developed."Al Gillen, IDC “With container technology and the abilit[...]